Security News > 2023 > September > Critical Security Flaws Exposed in Nagios XI Network Monitoring Software

2023-09-20 12:38
Multiple security flaws have been disclosed in the Nagios XI network monitoring software that could result in privilege escalation and information disclosure. The four security vulnerabilities, tracked from CVE-2023-40931 through CVE-2023-40934, impact Nagios XI versions 5.11.1 and lower. Following responsible disclosure on August 4, 2023, They have been patched as of September 11, 2023, with
News URL
https://thehackernews.com/2023/09/critical-security-flaws-exposed-in.html
Related news
- Don't Overlook These 6 Critical Okta Security Configurations (source)
- 89% of Enterprise GenAI Usage Is Invisible to Organizations Exposing Critical Security Risks, New Report Reveals (source)
- Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters: Are You at Risk? (source)
- Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-19 | CVE-2023-40934 | SQL Injection vulnerability in Nagios XI A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings. | 7.2 |
2023-09-19 | CVE-2023-40931 | SQL Injection vulnerability in Nagios XI A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php | 6.5 |